Physical Security and Visible Identification
Social engineering, such as piggybacking, has become more prominent today. It is important for organizations to know who is on their premises. Physical security should be promoted through security awareness and employees should be comfortable challenging anyone who does not have a physical identification (i.e. a badge). While on premise, all staff and visitors should have a badge on them and placed in a visible manner (i.e. attached to the lapel of a jacket or chest pocket, on a lanyard around the neck, or hooked to a belt).
- Policy is documented, followed, reviewed, updated, and tested regularly
- Facilities must benefit from adequate controls (e.g.. alarms, fences, locks, lighting, access control systems, cameras, guards)
- Staff and visitors must wear visible identification (including a picture) and challenge those who do not